Select from those apps approved by your company
The cloud provides many free IT apps to share and collaborate with your friends and colleagues, including Dropbox, Slack, Google Drive, iCloud, etc. If your company has not authorized their use for company data, then they are unapproved and you shouldn’t be storing work data there.
Companies provide appropriate tools for their employees to perform their roles effectively and efficiently. This means picking the best tool(s) to meet everyone’s needs. This may result in a better fit for some than for others. With the constant introduction of new solutions, some employees may find and start using new tools that, they feel, better meet their needs. This phenomenon is known as Shadow IT. This is dangerous for both your company and you.
Shadow IT is the use of IT-related hardware or software by a department or individual without the knowledge of the IT or security group within the organization. It can encompass cloud services, software, and hardware.
Shouldn’t my employer be happy that I found a better solution?
Yes. This can be a big help to your employer, provided you present your findings to your IT department and let them vet the solution. Jumping onto the new solution without your IT department’s support is dangerous.
How is it dangerous?
Please reflect on the following (from your employer’s point of view):
- The developer of the new solution is in business to make money. “Free” solutions typically still provide the developer with a way to monetize their product. This may include ads (not so dangerous), installing additional software on your computer (dangerous) or sifting through your data to build a profile of you.
- The software may have been cobbled together on a shoestring budget, with most of the developers’ time focused on features and not on security and stability.
- Software, including plugins, can misbehave on its own or when running next to your business software. This makes troubleshooting more difficult.
- Your IT department can’t protect what it doesn’t know about.
- If you and a group of fellow employees are sharing data in an unsanctioned app, who is going to remove your permissions when you leave the company?
- If your company must adhere to industry or government regulations, who is assuring that your solution meets these?
OK. So, it’s potentially dangerous to my employer, but how is it dangerous to me?
Purposefully putting company data at risk is an offence for which you could potentially be held liable. Imagine that you store company data on a system that suffers a data breach, or that your company is sued because the solution you are using doesn’t meet industry or government regulations.
I found this great app. I started using it, and everything is fine.
Really? Everything? Or just the things you know about? Those in IT spend a lot of time focusing on the back end of systems, not just the front (user) end. Newly installed apps come with several defaults that need to be changed immediately to fully protect them. Cases abound of unsecured databases in AWS, Google Docs and the like, which allowed hackers (are they still called hackers if they just walk through open doors?) to make off with company secrets and personal information.
Additionally, software needs to be updated and maintained. Just because it’s working for you now doesn’t mean that it will continue to do so.
Why can’t my company just change to the new app I found?
It takes a while to analyze a new system to make sure it meets the needs of the company, including budgetary, functional, and security needs. Some of the things a company needs to consider are:
- Will this new solution be around for a long time? Sometimes, following the latest trends can lead to transitioning to solutions that don’t stand the test of time and whose developers no longer support the product.
- What kind of support does it provide? Many free and cheap solutions only provide intermittent email support.
- Does it meet the needs of all employees, or just some?
- How much does it cost? Many apps that are free for personal use charge for use in a business environment.
- How long will it take to migrate data from the current system to the new one? Especially with proprietary databases, migration is time-consuming and risky.
Is this really a problem?
Gartner predicted that by 2020 one-third of successful attacks experienced by enterprises would be on their shadow IT resources.
I’m on my home computer, so I can do whatever I want, right?
Yes. But you should still be careful. You may want to stick with systems from big-name companies that will be around for a while and will notify you if they have a breach.
If you have questions about this, please let us know and we will be happy to assist you.